Merge pull request #31202 from RocketChat/release-6.5.1

Release 6.5.1
RocketChat · Dec 26, 2023 · 89be910 · 89be910
2 parents 2a33067 + 4e49fcc
commit 89be910
Show file tree

Hide file tree

Showing 165 changed files with 1,008 additions and 539 deletions.
diff --git a/.changeset/bump-patch-1702298298384.md b/.changeset/bump-patch-1702298298384.md
@@ -0,0 +1,5 @@
+---
+'@rocket.chat/meteor': patch
+---
+
+Bump @rocket.chat/meteor version.
diff --git a/.changeset/fair-suns-study.md b/.changeset/fair-suns-study.md
@@ -0,0 +1,5 @@
+---
+'@rocket.chat/meteor': patch
+---
+
+Security improvements
diff --git a/.changeset/fresh-radios-whisper.md b/.changeset/fresh-radios-whisper.md
@@ -0,0 +1,5 @@
+---
+"@rocket.chat/meteor": patch
+---
+
+Fixed issue with the new `custom-roles` license module not being checked throughout the application
diff --git a/.changeset/gold-stingrays-compete.md b/.changeset/gold-stingrays-compete.md
@@ -0,0 +1,5 @@
+---
+"@rocket.chat/meteor": patch
+---
+
+fix: stop refetching banner data each 5 minutes
diff --git a/.changeset/lucky-apricots-change.md b/.changeset/lucky-apricots-change.md
@@ -0,0 +1,5 @@
+---
+"@rocket.chat/meteor": patch
+---
+
+Fixed an issue allowing admin user cancelling subscription when license's trial param is provided
diff --git a/.changeset/lucky-cycles-leave.md b/.changeset/lucky-cycles-leave.md
@@ -0,0 +1,5 @@
+---
+"@rocket.chat/meteor": patch
+---
+
+Fixed Country select component at Organization form from `onboarding-ui` package
diff --git a/.changeset/nasty-islands-trade.md b/.changeset/nasty-islands-trade.md
@@ -0,0 +1,6 @@
+---
+'@rocket.chat/rest-typings': minor
+'@rocket.chat/meteor': minor
+---
+
+fix Federation Regression, builds service correctly
diff --git a/.changeset/new-avocados-sort.md b/.changeset/new-avocados-sort.md
@@ -0,0 +1,7 @@
+---
+"@rocket.chat/meteor": patch
+---
+
+fix: Wrong `Message Roundtrip Time` metric
+
+Removes the wrong metric gauge named `rocketchat_messages_roundtrip_time` and replace it by a new summary metric named `rocketchat_messages_roundtrip_time_summary`. Add new percentiles `0.5, 0.95 and 1` to all summary metrics.
diff --git a/.changeset/popular-beds-heal.md b/.changeset/popular-beds-heal.md
@@ -0,0 +1,7 @@
+---
+'@rocket.chat/ddp-client': patch
+'@rocket.chat/core-typings': patch
+'@rocket.chat/meteor': patch
+---
+
+Exceeding API calls when sending OTR messages
diff --git a/.changeset/real-items-tan.md b/.changeset/real-items-tan.md
@@ -0,0 +1,5 @@
+---
+"@rocket.chat/ddp-client": patch
+---
+
+SDK login methods not saving token
diff --git a/.changeset/remove-license-31189.md b/.changeset/remove-license-31189.md
@@ -0,0 +1,5 @@
+---
+'@rocket.chat/ddp-client': patch
+---
+
+removed @rocket.chat/license as a dependency of ddp client
diff --git a/.changeset/resume-login-31301.md b/.changeset/resume-login-31301.md
@@ -0,0 +1,5 @@
+---
+'@rocket.chat/ddp-client': patch
+---
+
+fixed an issue with the ddp client reconnection not resuming the login
diff --git a/.changeset/save-token-31278.md b/.changeset/save-token-31278.md
@@ -0,0 +1,5 @@
+---
+'@rocket.chat/ddp-client': patch
+---
+
+fixed an issue with the ddp client account not saving credentials correctly
diff --git a/.changeset/sharp-rings-smash.md b/.changeset/sharp-rings-smash.md
@@ -0,0 +1,6 @@
+---
+"@rocket.chat/meteor": patch
+---
+
+Fixed a problem with the subscription creation on Omnichannel rooms. 
+Rooms were being created as seen, causing sound notifications to not work
diff --git a/.changeset/sour-kids-heal.md b/.changeset/sour-kids-heal.md
@@ -0,0 +1,6 @@
+---
+"@rocket.chat/meteor": patch
+"@rocket.chat/ddp-client": patch
+---
+
+Fixed a problem where chained callbacks' return value was being overrided by some callbacks returning something different, causing callbacks with lower priority to operate on invalid values
diff --git a/.changeset/spicy-kiwis-argue.md b/.changeset/spicy-kiwis-argue.md
@@ -0,0 +1,5 @@
+---
+'@rocket.chat/meteor': patch
+---
+
+Fix desktop notification routing for direct rooms
diff --git a/.changeset/spotty-suns-grin.md b/.changeset/spotty-suns-grin.md
@@ -0,0 +1,5 @@
+---
+'@rocket.chat/meteor': patch
+---
+
+Improved the experience of receiving conference calls on the mobile app by disabling the push notification for the "new call" message if a push is already being sent to trigger the phone's ringing tone.
diff --git a/.changeset/tame-drinks-yell.md b/.changeset/tame-drinks-yell.md
@@ -0,0 +1,5 @@
+---
+"@rocket.chat/meteor": patch
+---
+
+Fixed verify the account through email link
diff --git a/.changeset/violet-pears-cry.md b/.changeset/violet-pears-cry.md
@@ -0,0 +1,5 @@
+---
+'@rocket.chat/meteor': patch
+---
+
+Fixed the filter for file type in the list of room files
diff --git a/apps/meteor/app/2fa/client/TOTPPassword.js b/apps/meteor/app/2fa/client/TOTPPassword.js
@@ -2,7 +2,7 @@ import { Accounts } from 'meteor/accounts-base';
 import { Meteor } from 'meteor/meteor';
 
 import { process2faReturn } from '../../../client/lib/2fa/process2faReturn';
-import { isTotpInvalidError, reportError } from '../../../client/lib/2fa/utils';
+import { isTotpInvalidError, isTotpMaxAttemptsError, reportError } from '../../../client/lib/2fa/utils';
 import { dispatchToastMessage } from '../../../client/lib/toast';
 import { t } from '../../utils/lib/i18n';
 
@@ -47,6 +47,14 @@ Meteor.loginWithPassword = function (email, password, cb) {
 			emailOrUsername: email,
 			onCode: (code) => {
 				Meteor.loginWithPasswordAndTOTP(email, password, code, (error) => {
+					if (isTotpMaxAttemptsError(error)) {
+						dispatchToastMessage({
+							type: 'error',
+							message: t('totp-max-attempts'),
+						});
+						cb();
+						return;
+					}
 					if (isTotpInvalidError(error)) {
 						dispatchToastMessage({
 							type: 'error',
@@ -55,7 +63,6 @@ Meteor.loginWithPassword = function (email, password, cb) {
 						cb();
 						return;
 					}
-
 					cb(error);
 				});
 			},

diff --git a/apps/meteor/app/2fa/server/code/EmailCheck.ts b/apps/meteor/app/2fa/server/code/EmailCheck.ts
@@ -69,26 +69,26 @@ ${t('If_you_didnt_try_to_login_in_your_account_please_ignore_this_email')}
 			return false;
 		}
 
-		if (!user.services || !Array.isArray(user.services?.emailCode)) {
+		if (!user.services?.emailCode) {
 			return false;
 		}
 
 		// Remove non digits
 		codeFromEmail = codeFromEmail.replace(/([^\d])/g, '');
 
-		await Users.removeExpiredEmailCodesOfUserId(user._id);
+		const { code, expire } = user.services.emailCode;
 
-		for await (const { code, expire } of user.services.emailCode) {
-			if (expire < new Date()) {
-				continue;
-			}
+		if (expire < new Date()) {
+			return false;
+		}
 
-			if (await bcrypt.compare(codeFromEmail, code)) {
-				await Users.removeEmailCodeByUserIdAndCode(user._id, code);
-				return true;
-			}
+		if (await bcrypt.compare(codeFromEmail, code)) {
+			await Users.removeEmailCodeOfUserId(user._id);
+			return true;
 		}
 
+		await Users.incrementInvalidEmailCodeAttempt(user._id);
+
 		return false;
 	}
 
@@ -109,7 +109,7 @@ ${t('If_you_didnt_try_to_login_in_your_account_please_ignore_this_email')}
 	}
 
 	public async processInvalidCode(user: IUser): Promise<IProcessInvalidCodeResult> {
-		await Users.removeExpiredEmailCodesOfUserId(user._id);
+		await Users.removeExpiredEmailCodeOfUserId(user._id);
 
 		// Generate new code if the there isn't any code with more than 5 minutes to expire
 		const expireWithDelta = new Date();
@@ -119,13 +119,15 @@ ${t('If_you_didnt_try_to_login_in_your_account_please_ignore_this_email')}
 
 		const emailOrUsername = user.username || emails[0];
 
-		const hasValidCode = user.services?.emailCode?.filter(({ expire }) => expire > expireWithDelta);
-		if (hasValidCode?.length) {
+		const hasValidCode =
+			user.services?.emailCode?.expire &&
+			user.services?.emailCode?.expire > expireWithDelta &&
+			!(await this.maxFaildedAttemtpsReached(user));
+		if (hasValidCode) {
 			return {
 				emailOrUsername,
 				codeGenerated: false,
-				codeCount: hasValidCode.length,
-				codeExpires: hasValidCode.map((i) => i.expire),
+				codeExpires: user.services?.emailCode?.expire,
 			};
 		}
 
@@ -136,4 +138,9 @@ ${t('If_you_didnt_try_to_login_in_your_account_please_ignore_this_email')}
 			emailOrUsername,
 		};
 	}
+
+	public async maxFaildedAttemtpsReached(user: IUser) {
+		const maxAttempts = settings.get<number>('Accounts_TwoFactorAuthentication_Max_Invalid_Email_Code_Attempts');
+		return (await Users.maxInvalidEmailCodeAttemptsReached(user._id, maxAttempts)) as boolean;
+	}
 }
diff --git a/apps/meteor/app/2fa/server/code/ICodeCheck.ts b/apps/meteor/app/2fa/server/code/ICodeCheck.ts
@@ -2,8 +2,7 @@ import type { IUser } from '@rocket.chat/core-typings';
 
 export interface IProcessInvalidCodeResult {
 	codeGenerated: boolean;
-	codeCount?: number;
-	codeExpires?: Date[];
+	codeExpires?: Date;
 	emailOrUsername?: string;
 }
 
@@ -15,4 +14,6 @@ export interface ICodeCheck {
 	verify(user: IUser, code: string, force?: boolean): Promise<boolean>;
 
 	processInvalidCode(user: IUser): Promise<IProcessInvalidCodeResult>;
+
+	maxFaildedAttemtpsReached(user: IUser): Promise<boolean>;
 }
diff --git a/apps/meteor/app/2fa/server/code/PasswordCheckFallback.ts b/apps/meteor/app/2fa/server/code/PasswordCheckFallback.ts
@@ -41,4 +41,8 @@ export class PasswordCheckFallback implements ICodeCheck {
 			codeGenerated: false,
 		};
 	}
+
+	public async maxFaildedAttemtpsReached(_user: IUser): Promise<boolean> {
+		return false;
+	}
 }
diff --git a/apps/meteor/app/2fa/server/code/TOTPCheck.ts b/apps/meteor/app/2fa/server/code/TOTPCheck.ts
@@ -38,4 +38,8 @@ export class TOTPCheck implements ICodeCheck {
 			codeGenerated: false,
 		};
 	}
+
+	public async maxFaildedAttemtpsReached(_user: IUser): Promise<boolean> {
+		return false;
+	}
 }
diff --git a/apps/meteor/app/2fa/server/code/index.ts b/apps/meteor/app/2fa/server/code/index.ts
@@ -217,6 +217,15 @@ export async function checkCodeForUser({ user, code, method, options = {}, conne
 
 	const valid = await selectedMethod.verify(existingUser, code, options.requireSecondFactor);
 	if (!valid) {
+		const tooManyFailedAttempts = await selectedMethod.maxFaildedAttemtpsReached(existingUser);
+		if (tooManyFailedAttempts) {
+			throw new Meteor.Error('totp-max-attempts', 'TOTP Maximun Failed Attempts Reached', {
+				method: selectedMethod.name,
+				...data,
+				availableMethods,
+			});
+		}
+
 		throw new Meteor.Error('totp-invalid', 'TOTP Invalid', {
 			method: selectedMethod.name,
 			...data,

diff --git a/apps/meteor/app/2fa/server/loginHandler.ts b/apps/meteor/app/2fa/server/loginHandler.ts
@@ -26,19 +26,14 @@ Accounts.registerLoginHandler('totp', function (options) {
 callbacks.add(
 	'onValidateLogin',
 	async (login) => {
-		if (login.methodName === 'verifyEmail') {
-			throw new Meteor.Error('verify-email', 'E-mail verified');
-		}
-
-		if (login.type === 'resume' || login.type === 'proxy' || (login.type === 'password' && login.methodName === 'resetPassword')) {
-			return login;
-		}
-		// CAS login doesn't yet support 2FA.
-		if (login.type === 'cas') {
-			return login;
-		}
-
-		if (!login.user) {
+		if (
+			!login.user ||
+			login.type === 'resume' ||
+			login.type === 'proxy' ||
+			login.type === 'cas' ||
+			(login.type === 'password' && login.methodName === 'resetPassword') ||
+			login.methodName === 'verifyEmail'
+		) {
 			return login;
 		}
 

diff --git a/apps/meteor/app/api/server/v1/misc.ts b/apps/meteor/app/api/server/v1/misc.ts
@@ -538,7 +538,7 @@ API.v1.addRoute(
 				this.token ||
 				crypto
 					.createHash('md5')
-					.update(this.requestIp + this.request.headers['user-agent'])
+					.update(this.requestIp + this.user._id)
 					.digest('hex');
 
 			const rateLimiterInput = {
@@ -594,12 +594,7 @@ API.v1.addRoute(
 
 			const { method, params, id } = data;
 
-			const connectionId =
-				this.token ||
-				crypto
-					.createHash('md5')
-					.update(this.requestIp + this.request.headers['user-agent'])
-					.digest('hex');
+			const connectionId = this.token || crypto.createHash('md5').update(this.requestIp).digest('hex');
 
 			const rateLimiterInput = {
 				userId: this.userId || undefined,

diff --git a/apps/meteor/app/api/server/v1/oauthapps.ts b/apps/meteor/app/api/server/v1/oauthapps.ts
@@ -27,6 +27,10 @@ API.v1.addRoute(
 	{ authRequired: true, validateParams: isOauthAppsGetParams },
 	{
 		async get() {
+			if (!(await hasPermissionAsync(this.userId, 'manage-oauth-apps'))) {
+				return API.v1.unauthorized();
+			}
+
 			const oauthApp = await OAuthApps.findOneAuthAppByIdOrClientId(this.queryParams);
 
 			if (!oauthApp) {

diff --git a/apps/meteor/app/cloud/server/functions/buildRegistrationData.ts b/apps/meteor/app/cloud/server/functions/buildRegistrationData.ts
@@ -61,7 +61,13 @@ export async function buildWorkspaceRegistrationData<T extends string | undefine
 	const firstUser = await Users.getOldest({ projection: { name: 1, emails: 1 } });
 	const contactName = firstUser?.name || '';
 
-	const { organizationType, industry, size: orgSize, country, language, serverType: workspaceType, registerServer } = stats.wizard;
+	const country = settings.get<string>('Country');
+	const language = settings.get<string>('Language');
+	const organizationType = settings.get<string>('Organization_Type');
+	const industry = settings.get<string>('Industry');
+	const orgSize = settings.get<string>('Organization_Size');
+	const workspaceType = settings.get<string>('Server_Type');
+
 	const seats = await Users.getActiveLocalUserCount();
 	const [macs] = await LivechatRooms.getMACStatisticsForPeriod(moment.utc().format('YYYY-MM'));
 
@@ -94,7 +100,7 @@ export async function buildWorkspaceRegistrationData<T extends string | undefine
 		...(license && { license }),
 		enterpriseReady: true,
 		setupComplete: setupWizardState === 'completed',
-		connectionDisable: !registerServer,
+		connectionDisable: false,
 		npsEnabled,
 		MAC: macs?.contactsCount ?? 0,
 		// activeContactsBillingMonth: stats.omnichannelContactsBySource.contactsCount,

diff --git a/apps/meteor/app/cloud/server/functions/supportedVersionsToken/supportedVersionsToken.ts b/apps/meteor/app/cloud/server/functions/supportedVersionsToken/supportedVersionsToken.ts
@@ -12,7 +12,7 @@ import { buildVersionUpdateMessage } from '../../../../version-check/server/func
 import { generateWorkspaceBearerHttpHeader } from '../getWorkspaceAccessToken';
 import { supportedVersionsChooseLatest } from './supportedVersionsChooseLatest';
 
-declare module '@rocket.chat/license' {
+declare module '@rocket.chat/core-typings' {
 	interface ILicenseV3 {
 		supportedVersions?: SignedSupportedVersions;
 	}

diff --git a/apps/meteor/app/lib/server/functions/createRoom.ts b/apps/meteor/app/lib/server/functions/createRoom.ts
@@ -39,6 +39,7 @@ async function createUsersSubscriptions({
 		const extra: Partial<ISubscriptionExtraData> = options?.subscriptionExtra || {};
 		extra.open = true;
 		extra.ls = now;
+		extra.roles = ['owner'];
 
 		if (room.prid) {
 			extra.prid = room.prid;